HIPAA Privacy & Security Under the HITECH Act: Now Is a Good Time for Employers to Review Their Practices
By Chrystine M. Heier, CEBS, LIA
Co-Founder and Principal, Sullivan Benefits
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rules compliance deadline was April 14, 2003, in most cases. Back then, employers amended their plan documents, obtained necessary Business Associate Agreements, drafted internal privacy policies, sent out privacy notices to health plan participants and trained staff on the permissible uses and disclosures of Personal Health Information (PHI). It all seemed so simple...

However, recent changes arising from the Health Information Technology for Economic and Clinical Health Act (HITECH), which was included in the February 17, 2009 American Recovery and Reinvestment Act of 2009 (ARRA), should encourage employers, in their role as "Covered Entities", to review their HIPAA Privacy and Security safeguards now. The following summarizes key changes to HIPAA under HITECH, many of which are effective on February 17, 2010.
- Security Breach Notification Requirement for "Unsecured" PHI (effective 9/23/09; sanctions not imposed until 2/22/10): HIPAA did not require Covered Entities to report breaches in privacy or security of PHI; however, under HITECH, Covered Entities must notify individuals, the Secretary of the Department of Health and Human Services (HHS) and, in certain circumstances, the media when there has been a breach of "Unsecured" PHI. Unsecured PHI has been defined as protected health information that has not been rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology. HHS guidance identifies encryption and destruction as two methods for rendering paper or electronic PHI secured. Complete guidelines on technologies and methodologies for securing PHI as issued by HHS are available here. If PHI cannot be secured, notifications of breaches must be made after the discovery of a breach as follows: READ MORE.
February is American Heart Month
Corporate Wellness Director, Sullivan Benefits
The CDC Reports ... Heart Disease is the Number One Cause of Death. About every 25 seconds, an American will have a coronary event, and about one every minute will die from one.

Celebrate American Heart Month by encouraging your employees to take control of their health, to prevent heart disease or manage existing conditions. Educate them on how eating right and exercising, as well as working with a doctor, can keep their hearts healthy and happy. READ MORE.
Needham Heights Office: 72 River Park · Needham Heights, MA 02494-2631 Phone: 781.449.8323 · Fax: 781.449.5419
Worcester Office: One Chestnut Place · Worcester, MA 01608-2804 Phone: 508.471.9017 · Fax: 508.797.3689